github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-05-31 04:55:50 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,724 Commits 12 Branches 209 Tags
ec29c08bebf2f5464f5ed040f41e2d5922c22d7f
Commit Graph

254 Commits

Author SHA1 Message Date
Dan Brown
7a4425473b Fixed URL gen issue causing incorrect scheme to be used 
For #1613
 2019-09-01 12:07:51 +01:00
Dan Brown
aea5319256 Merge branch 'docker-development-environment' of git://github.com/timoschwarzer/BookStack into timoschwarzer-docker-development-environment 2019-08-26 21:24:56 +01:00
Dan Brown
7cc17934a8 Made MD editor display a sandboxed iframe 
- Also added escaping of srcdoc elements in escape logic.

Related to #1531
 2019-08-26 12:16:50 +01:00
Dan Brown
2dfe6c2d56 Fixed failing test and added more accessibility improvements 
- Updated linked images to have obvious focus styles
- Added proper role to notifications
- Made dropdown list focus styles a bit nicer.
- Updated book list chapter child slide down to be keyboard activatable.

Related to #1320
 2019-08-25 17:21:25 +01:00
Dan Brown
eab0ca9648 Covered new invite system with testing 
Closes #316
 2019-08-18 13:55:28 +01:00
Timo Schwarzer
9357620d55 Add docker development environment 2019-08-12 16:43:39 +02:00
Dan Brown
20c36d58a6 Merge pull request #1527 from BookStackApp/129-page-templates 
Page Templates Implementation
 2019-08-11 20:21:17 +01:00
Dan Brown
5fdab3b8af Updated template test to be more stable 2019-08-11 20:10:27 +01:00
Dan Brown
de3e9ab094 Added ability to use templates 
- Added replace, append and prepend actions for template content into
both the WYSIWYG editor and markdown editor.
- Added further testing to cover.
 2019-08-11 20:04:43 +01:00
Dan Brown
421dd93ffd Merge branch 'v0.26' 2019-08-06 21:50:56 +01:00
Dan Brown
f417675b1d Prevented normal users from changing own email 
To address #1542

Updates to only allow email changes by users with the users-manage role
permission.
 2019-08-06 21:29:42 +01:00
Dan Brown
2955f414dd Added iframe JS and data url escaping 
Related to #1531
 2019-08-06 21:08:24 +01:00
Dan Brown
2ebbc6b658 Merge branch 'master' into 129-page-templates 2019-08-04 16:26:38 +01:00
Dan Brown
4b0c4e621a Replaced use of custom 'baseUrl' helper with 'url' 
Also changed up how base URL setting was being done
by manipulating incoming request URLs instead of
altering then on generation.
 2019-08-04 14:26:39 +01:00
Dan Brown
1e7df28238 Set export service to set correct svg image mimetype 
For #1538
 2019-07-17 22:37:19 +01:00
Dan Brown
8fcb0e6820 Merge branch 'v0.26' 2019-07-10 20:30:36 +01:00
Dan Brown
c732970f6e Hardened page content script escaping 
Increased range of tests to cover.

Fixes #1531
 2019-07-10 20:17:22 +01:00
Dan Brown
94441832c5 Removed old translation endpoint tests 2019-07-07 13:54:17 +01:00
Dan Brown
71167426bb Started implementation of page template 2019-07-07 13:45:46 +01:00
Dan Brown
5c70413784 Fixed incorrect testing vars and reset env vars in config test 2019-06-25 22:52:07 +01:00
Dan Brown
762d1d7595 Allowed different storage types for images and attachments 
- Added new env and config vars to allow this.
- Also added tests for awkward config logic including fallback for new
env vars.

Closes #1302
 2019-06-23 16:01:15 +01:00
Dan Brown
fbb2b7ac6a Updated page nav header shift logic to be accurate 
Added tests to cover.
Fixes #542
 2019-06-16 11:32:38 +01:00
Dan Brown
3ad1b42a74 Updated page delete to handle inactive custom homepage correctly 
Fixes #1447
 2019-05-27 12:40:19 +01:00
Dan Brown
35e6635379 Fixed chapter description not showing in book exports 
Closes #1465
 2019-05-25 15:21:02 +01:00
Dan Brown
8ae35f645a Fixed faulty baseUrl rewrites 
Fixes #1452
May help #1377
 2019-05-19 16:25:05 +01:00
Dan Brown
896f88174a Updated page navigation logic to ignore empty headers 
Fixes #1429
 2019-05-15 21:02:11 +01:00
Dan Brown
97ffbaa740 Fixed issue where books titles could be leaked via shelf home view 
- Also added test to cover
Fixes #1425
 2019-05-07 22:42:48 +01:00
Dan Brown
ad542f0407 Prevented potential inline JS event usage 
- Removes 'on*' attributes from elements.
- Also updated script logic to remove scripts instead of escaping.
- All JS injection removal now uses DomDocument + xpath parsing.
 2019-05-05 13:53:37 +01:00
Dan Brown
8c190324ac Updated existing image tests to reflect changes 
- Also added some new tests
 2019-05-04 18:11:19 +01:00
Dan Brown
aeb1fc4d49 Started rewriting back-end image managment 2019-04-21 15:52:29 +01:00
Dan Brown
4e49d06182 Merge branch 'fix/registraion-form-validation' of git://github.com/cw1998/BookStack into cw1998-fix/registraion-form-validation 2019-04-21 12:24:39 +01:00
Dan Brown
2bb06463d5 Added deeper content id de-duplication 
Closes #1393
 2019-04-21 12:22:41 +01:00
Dan Brown
0bc5ccba32 Add revision restore confirm and changed http method 
Closes #1321
 2019-04-20 13:25:16 +01:00
Dan Brown
6c66a8935a Added test to check page HTML id de-duplication 
Relates to #1393
 2019-04-20 13:01:56 +01:00
Dan Brown
c24764018a Updated ldap server option parsing to work with protocol and port 
- Aligns with PHP behaviour where ports is ignore for full LDAP URI.
- Added tests to check format being passed to LDAP is as expected.
- May be related to #1220
- Related to #1386 and #1278
 2019-04-16 22:47:53 +01:00
Christopher Wilkinson
c8cf6731e2 Add min length validation on name on register form & add sign up link 2019-04-16 12:18:51 +01:00
Dan Brown
c380c10d54 Prevented bad duplicate IDs causing major exception 
Related to #1393
 2019-04-15 21:20:32 +01:00
Dan Brown
7f3f6e65b9 Aligned item creation wording and updated shelf-book-add logic 2019-04-15 20:45:04 +01:00
Christopher Wilkinson
50a9c71de0 Add tests for creating a book and adding directly to a shelf 2019-04-15 09:27:17 +01:00
Christopher Wilkinson
faa3a8b842 Add button to add a book directly from a shelf view 2019-04-15 09:27:17 +01:00
Dan Brown
9406b4d4c9 Updated view toggle to store date 
Also added test for user list order preferences
 2019-04-14 13:01:51 +01:00
Dan Brown
b12ae6d11b Added bookshelves to breadcrumbs 
- Updated breadcrumb dropdown switchers and back-end sibling code to handle new breadcrumbs.
- Added breadcrumb view composer and EntityContext system to mangage
tracking if in the context of a bookshelf.
 2019-04-07 18:28:11 +01:00
Dan Brown
7cda9b026e Updated tests to suit layout changes, Updated 404 page 
- Also replaced 'or' usage in templates with null coalescing operator
 2019-04-06 18:36:17 +01:00
Dan Brown
193e2ffebe Prevent dbl exts. on img upload, Randomized attachment upload names 2019-03-24 19:08:21 +00:00
Dan Brown
f5fe524e6c Added extension whitelist for image uploads 
- A continuation of the security issues addressed in v0.25.3
 2019-03-21 19:43:15 +00:00
Dan Brown
37b91b6b0e Hardened image file validation by removing custom validation 
- Added test to check PHP files cannot be uploaded as an image.
 2019-03-20 23:59:55 +00:00
Dan Brown
44c537de1a Performed some LDAP service/test cleanup 2019-03-10 10:54:19 +00:00
Dan Brown
6bccf0e64a Merge branch 'feature-ldap-attributes' of git://github.com/dfanara/BookStack into dfanara-feature-ldap-attributes 2019-03-10 10:31:09 +00:00
Dan Brown
042a6f9760 Updated shelf menu item to show on custom permission 
- Extended new 'userCanOnAny' helper to take a entity class for
filtering.

Closes #1201
 2019-03-09 21:15:45 +00:00
Dan Brown
5c9b528517 Abstracted userCanCreatePage helper to work for any permisison 
- Added test to cover scenario where someone with create-own permission
would want to copy a viewable item into a container entity that they
own.
 2019-03-09 16:50:22 +00:00